{"id":506,"date":"2026-01-11T15:04:22","date_gmt":"2026-01-11T15:04:22","guid":{"rendered":"https:\/\/rmfsales.com\/?p=506"},"modified":"2026-01-11T15:33:14","modified_gmt":"2026-01-11T15:33:14","slug":"hacking-20","status":"publish","type":"post","link":"https:\/\/rmfsales.com\/?p=506","title":{"rendered":"Offsec Proving Grounds Walkthrough &#8211; Interface"},"content":{"rendered":"<p>This was a good one! This is a walkthrough of <a class=\"f51fbe82 _387788e5\" href=\"https:\/\/www.linkedin.com\/company\/offsec-training\/\" data-view-name=\"feed-commentary\"><span class=\"_378e2bd7\"><strong>OffSec<\/strong><\/span><\/a> Proving Grounds machine &#8220;Interface&#8221;. I haven&#8217;t seen any walkthroughs of this machine out there. In this video we use hydra to brute force a node.js web application after using the browser&#8217;s developer tools to discover API endpoints (user list). We then use developer tools again along with Burp Suite to escalate our access and exploit the file backup feature of the app to get a root shell ***SPOILER***Walkthrough of the machine called &#8220;Interface&#8221; in the Offsec Proving Grounds&#8230;don&#8217;t watch unless you want help getting through the machine.<\/p>\n<div class=\"jetpack-video-wrapper\"><iframe loading=\"lazy\" title=\"Offsec Proving Grounds Walkthrough - Interface\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/gf_0f4_YlDY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n","protected":false},"excerpt":{"rendered":"<p>This was a good one! This is a walkthrough of OffSec Proving Grounds machine &#8220;Interface&#8221;. I haven&#8217;t seen any walkthroughs of this machine out there. In this video we use hydra to brute force a node.js web application after using the browser&#8217;s developer tools to discover API endpoints (user list).&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[53,48,7,27,80,55,73,44,10,54],"tags":[51,13,28,82,57,74,46,15,56],"class_list":["post-506","post","type-post","status-publish","format-standard","hentry","category-ethical-hacking","category-hacking","category-linux","category-networking","category-node-js","category-offsec","category-python","category-security","category-tutorial","category-walkthrough","tag-cybersecurity","tag-linux","tag-networking","tag-node-js","tag-offsec","tag-python","tag-security","tag-tutorial","tag-walkthrough"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts\/506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=506"}],"version-history":[{"count":1,"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts\/506\/revisions"}],"predecessor-version":[{"id":507,"href":"https:\/\/rmfsales.com\/index.php?rest_route=\/wp\/v2\/posts\/506\/revisions\/507"}],"wp:attachment":[{"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rmfsales.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}